1. HIPAA Applicability

Not a Covered Entity: As a law firm, we are not a healthcare provider, health plan, or healthcare clearinghouse. Therefore, we are not directly subject to HIPAA regulations.

Business Associate Obligations: When we receive PHI from healthcare providers or other HIPAA-covered entities in connection with legal services, we act as a business associate and comply with applicable HIPAA requirements through Business Associate Agreements (BAAs).

2. When We Receive Health Information

We may receive health information in the following contexts:

• Advance Healthcare Directives: When preparing documents authorizing healthcare decisions
• Special Needs Trusts: Planning for beneficiaries with medical conditions
• Incapacity Planning: Addressing long-term care and disability planning
• Trust Administration: Managing trusts for beneficiaries receiving healthcare
• Probate Matters: Handling estates involving medical claims or healthcare decisions

3. How We Protect Health Information

Attorney-Client Privilege

Health information you share with us is protected by attorney-client privilege, which provides stronger protection than HIPAA in most cases. We maintain strict confidentiality of all client communications under California Rules of Professional Conduct.

Security Measures

We implement security measures comparable to HIPAA standards:

• Physical Safeguards: Secure office premises with restricted access
• Technical Safeguards: Encrypted email, secure document storage, password-protected systems
• Administrative Safeguards: Staff training, confidentiality agreements, access controls
• Secure Communication: Client portal for sensitive document exchange

4. Your Rights Regarding Health Information

Even though HIPAA does not directly apply to our law firm, we respect your rights to:

• Access: Review health information in your legal file
• Amendment: Request corrections to inaccurate information
• Disclosure Accounting: Know who we've shared information with
• Confidential Communication: Request we contact you through specific means
• Restrictions: Request limitations on use or disclosure (subject to legal obligations)

5. When We May Disclose Health Information

We may disclose health information:

• With Your Authorization: When you provide written consent
• To Healthcare Providers: When necessary for your legal representation
• To Insurance Companies: When processing claims related to your estate plan
• In Legal Proceedings: When required by court order or subpoena
• To Service Providers: Professionals assisting with your case (under confidentiality agreements)
• As Required by Law: When legally mandated to disclose

6. Business Associate Agreements

When we receive PHI from HIPAA-covered entities, we enter into Business Associate Agreements that require us to:

• Use and disclose PHI only as permitted by the agreement
• Implement appropriate safeguards
• Report breaches to the covered entity
• Ensure subcontractors also comply with HIPAA
• Make PHI available to individuals upon request
• Return or destroy PHI when no longer needed

7. Minimum Necessary Standard

We follow the principle of collecting and using only the minimum health information necessary to provide effective legal representation. We do not request or use health information beyond what is required for your estate planning or trust administration needs.

8. Breach Notification

In the unlikely event of a breach of your health information:

• We will notify you without unreasonable delay
• We will describe what happened and what information was involved
• We will explain steps you can take to protect yourself
• We will describe what we are doing to investigate and prevent future breaches
• We will notify relevant healthcare providers if we received the information under a BAA

9. Staff Training

All staff members receive training on:

• Attorney-client privilege and confidentiality obligations
• Proper handling of sensitive health information
• Security protocols for physical and electronic records
• Privacy requirements under California law
• HIPAA principles when acting as a business associate

10. California Law Protections

In addition to attorney-client privilege, California law provides additional health information protections:

• Confidentiality of Medical Information Act (CMIA): California Civil Code §§ 56-56.37
• California Consumer Privacy Act (CCPA): Privacy rights for California residents
• California Rules of Professional Conduct: Attorney confidentiality obligations

11. Secure Communication Guidelines

Recommended:

• Use our secure client portal for sensitive health information
• Call our office directly to discuss health matters
• Mail documents to our physical office address
• Use encrypted email when available

Not Recommended:

• Unencrypted email for detailed health information
• Text messages containing sensitive health data
• Social media or public messaging platforms
• Website chat for protected health information

12. Changes to This Notice

We reserve the right to modify this HIPAA Compliance Notice. Changes will be posted on this page with an updated effective date. We will notify existing clients of material changes.

13. Questions or Complaints

If you have questions about how we handle health information or wish to file a complaint:

You may also file a complaint with:

• California State Bar: www.calbar.ca.gov
• U.S. Department of Health and Human Services: If the issue involves a healthcare provider

14. No Retaliation

We will not retaliate against you for filing a complaint about our privacy practices or exercising your rights under this notice.